package cn.cloud.all.security.oauth2.resource;

import cn.cloud.all.security.oauth2.common.AuthenticationScheme;

import java.util.List;

public interface OAuth2ProtectedResourceDetails {

    /**
     * Get a unique identifier for these protected resource details.
     *
     * @return A unique identifier for these protected resource details.
     */
    public String getId();

    /**
     * The client identifier to use for this protected resource.
     *
     * @return The client identifier to use for this protected resource.
     */
    public String getClientId();

    /**
     * The URL to use to obtain an OAuth2 access token.
     *
     * @return The URL to use to obtain an OAuth2 access token.
     */
    String getAccessTokenUri();

    /**
     * Whether this resource is limited to a specific scope. If false, the scope of the authentication request will be
     * ignored.
     *
     * @return Whether this resource is limited to a specific scope.
     */
    boolean isScoped();

    /**
     * The scope of this resource. Ignored if the {@link #isScoped() resource isn't scoped}.
     *
     * @return The scope of this resource.
     */
    List<String> getScope();

    /**
     * Whether a secret is required to obtain an access token to this resource.
     *
     * @return Whether a secret is required to obtain an access token to this resource.
     */
    boolean isAuthenticationRequired();

    /**
     * The client secret. Ignored if the {@link #isAuthenticationRequired() secret isn't required}.
     *
     * @return The client secret.
     */
    String getClientSecret();

    /**
     * The scheme to use to authenticate the client. E.g. "header" or "query".
     *
     * @return The scheme used to authenticate the client.
     */
    AuthenticationScheme getClientAuthenticationScheme();

    /**
     * The grant type for obtaining an acces token for this resource.
     *
     * @return The grant type for obtaining an acces token for this resource.
     */
    String getGrantType();

    /**
     * Get the bearer token method for this resource.
     *
     * @return The bearer token method for this resource.
     */
    AuthenticationScheme getAuthenticationScheme();

    /**
     * The name of the bearer token. The default is "access_token", which is according to the spec, but some providers
     * (e.g. Facebook) don't conform to the spec.)
     *
     * @return The name of the bearer token.
     */
    String getTokenName();

    /**
     * A flag to indicate that this resource is only to be used with client credentials, thus allowing access tokens to
     * be cached independent of a user's session.
     *
     * @return true if this resource is only used with client credentials grant
     */
    public boolean isClientOnly();
}
